From 8798940cad00296d3a9e88988e6678eef670d21a Mon Sep 17 00:00:00 2001 From: Linnnus Date: Sat, 30 Sep 2023 12:09:19 +0200 Subject: Move secret management to agenix - https://nixos.wiki/wiki/Agenix - https://github.com/ryantm/agenix - https://jonascarpay.com/posts/2021-07-27-agenix.html --- secrets/cloudflare-ddns-token.age | 19 +++++++++++++++++++ secrets/secrets.nix | 10 ++++++++++ 2 files changed, 29 insertions(+) create mode 100644 secrets/cloudflare-ddns-token.age create mode 100644 secrets/secrets.nix (limited to 'secrets') diff --git a/secrets/cloudflare-ddns-token.age b/secrets/cloudflare-ddns-token.age new file mode 100644 index 0000000..280ae85 --- /dev/null +++ b/secrets/cloudflare-ddns-token.age @@ -0,0 +1,19 @@ +age-encryption.org/v1 +-> ssh-ed25519 mPg9Wg gHYl+dLO8N5gCWv2x5qtuEvTrrL4XlLcT2Q6Zngb5WM +BBoS++7s6L4JCZWDkIyyNdf5QDMB1zGUghOOFWo2EC4 +-> ssh-rsa 5MROTA +QxtsUXR+3Flq0iZFtLsJTGM3nq5770pzOFUpLxVjhxg1gzEhRclgjYpn7m3TSAjp +J+AUwRN8KlrFecggllmpoY9wyKYUjgvu6a8hh9TCFOytRDoIKtBQasSRH2eM6VrF +wTlJ3MPoP8GJ6iNyHE5hlFHHc3P9HxqNK+qZfRB9zCN4zY8NQi+QmAexE9gPuVRL +c7sOxAH/Ov4zQ9WMnGdAW7wPHyET5b3woW3ju9fJr08UtuavMyEMgHk6gKtsBkM6 +bK5fraFrbkWv3lW3SS6GRqT0sN14/zIP9CfaHu8GWG4TOdDV/d6HlJ5U+BvGQp3z +lU54v2JfmPDtbPefzmG3+8GXb9ITCMUrGIfnHXaw4hoe8/WzSz46ZWufnPnzlWvn +p7WDouB9lRH7/aMyIdPbKAfPIzeg1yKs3n6BXA/4ENa/msQ7MqKZpHJGinx6Yfde +EErwThHTJXo/F8wCQRIHpAMOcHnpZHPV8rGR411A9wlZrWp00otkukSBAw4/teX6 +MfmXM14kFlYlg3uW4NO0TpelNFrBHHBFNzmIjadResQe1TW4rJ/X2aznw3jXbzii +/rWGQIiSc4xpZbao9ZQktPtErCtU1vjJmc41qmSJgwUb81XSA8tLK5+T54KEOxM4 +eycpp8TiNE2vUnP4bVu+o8svwYDAzsxoD07RCTYFoSM +-> dw-grease +NVGg1adhRcMDrvPKNfly +--- KcSrc4BXUEzO72Kl/qCJ+Ild9FjCMDyTwZl1Lpjj8LQ +9N?!}lr/_-T dTyJ_I ED@ZnI9HfěrnaO᮷cO'LxՎN3 \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix new file mode 100644 index 0000000..0f349a8 --- /dev/null +++ b/secrets/secrets.nix 
@@ -0,0 +1,10 @@
+# This file conatins configuration for the agenix CLI. It is not actually
+# imported into the system cofniguration.
+
+let
+ metadata = builtins.fromTOML (builtins.readFile ../metadata.toml);
+ publicKeys = map (builtins.getAttr "sshPubKey") (builtins.attrValues metadata.hosts);
+in
+{
+ "cloudflare-ddns-token.age".publicKeys = publicKeys;
+}
-- cgit v1.2.3
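Review bot: `publicKeys` on the new side is built from every entry in `metadata.hosts`, so each host listed in `metadata.toml` becomes a recipient of `cloudflare-ddns-token.age`, and any host added there later gains access to the token at the next rekey without this file changing. If only one machine runs the DDNS updater (not visible from this hunk), scope the recipients per secret, e.g. `"cloudflare-ddns-token.age".publicKeys = [ metadata.hosts.HOST_RUNNING_DDNS.sshPubKey ];`, where `HOST_RUNNING_DDNS` is a placeholder for the real host attribute. The list also appears to hold host keys only, so editing or rekeying the secret would need a host private key; adding a dedicated admin key as a recipient is worth considering. The header comment has two typos, `conatins` and `cofniguration`.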